Learn NAV PowerShell in your coffee breaks

We thought that was a good idea. But we also thought we can do even better: Do some NAV PowerShell in your coffee breaks. This post is the first in a series of small script ideas of things you can do with NAV using PowerShell. If you find this useful or have ideas to improvements then please add your comments below and also suggest what you would like to see next.

Coffee Break 1: Add AD users to NAV.

User story

Consider the following scenario: With the new security model in Microsoft Dynamics NAV 2013 and later versions, it is no longer possible to add users and permissions by merely adding Windows Groups. Besides, as of NAV 2013, you may not be using Windows authentication. The user wants to automate what is otherwise a trivial task of looking up Windows users, and entering them into NAV.

The script below will give some ideas for adding NAV users in a batch.

Pre requisites:

Depending on which OS you run it on, you may need to install Remote Server Administration Tools (RSAT). Make sure to install the one that matches your OS and version. If you run Win 8.1 then install it from here:

#AD filter for use in the next line. If you are not on a large domain, then run the next line (get-aduser) without this filter, or if you use the filter then adjust it to your scenario and domain.

$Mysearchbase = "DC=<Domain>[,DC=<Corp Domain>,...]"

#For example:

$Mysearchbase = "DC=EUROPE,DC=CONTOSO,DC=com"

#Next we will get AD users. If you want to import only users from a Windows group or a subdomain, you can filter the result set on sub-domain/group/... Furthermore, we have chosen to retrieve only user name and alias in the example below, but choose any properties that fit your purpose. You can see the entire cmdlet output by running get-help <cmdletname>.Furthermore, we want to save this output into a list that we later can retrieve and modify if needed. The list format and default delimiter might vary depending on regional settings, a semicolon is defined here as a delimiter.

#Another way of assigning the output to a variable is using outvariable. Next we want to then pipe everything to New-NAVServerUser cmdlet to create new users in NAV. In the above example we have only read SamAccountName and User Name from AD, so to add users as Windows users to NAV, following our Contoso scenario, we need to add the domain name too : DOMAIN\samaccountname.

<#Consider now the following scenario. User wants to get AD users using the export script above, but wants to add roles to this user list, before importing them into NAV. So he will break the above process into 2 steps again - in step 1 he will save AD users into a list, then assuming a modified list with added roles - he will import the list of users and their roles into NAV in step 2.

Step one is then unchanged from the example above (using csv list). Next we will assume that the list is now modified to add roles to users.

Example below shows step 2, where this list is imported to create users and assign permissions in NAV. Userlist2.csv file refered to in the script below is the name of the csv file containing users and permissions. Example below shows format of this file (csv, semicolon delimited) with Contoso users as examples:

EUROPE\mrhill;BASIC,RAPIDSTART

EUROPE\mssaddow;BASIC,COST,CASHFLOW

EUROPE\joeroberts;SUPER

If a user or a role defined in this list already exists in NAV, the cmdlet is expected to continue since the ErrorAction parameter is set to Continue (which is also the default value of this parameter). However it is singled out here to direct the attention to error handling opportunities that best fit the user's scenario. Review the possible values of this parameter and how to use them using get-help cmdlet. The following blog is worth checking:

Thanks a lot for your comments. Great to hear that you like the examples. And thanks for sharing PowerShell – just what we want to see :-). Funny enough the next post we are planning also includes backups…